On Fri, Dec 27, 2019 at 12:12:32PM +0100, Claus Assmann wrote:
on the system?). However, I can no longer decrypt mails (using gpg 1.4.23)
"Could not decrypt ..."

Try refreshing your pgp_* commands against the version in contrib/gpg.rc in the tarball. 1.10.1 added $pgp_check_gpg_decrypt_status_fd, to check the status file descriptor for GPG decryption codes, to protect against spoofing. (1.6.0 also did this a bit less thoroughly, but required pro-active setting of $pgp_decryption_okay by users to enable it.).

Most likely, the '--status-fd=2' parts are missing from your $pgp_decode_command and $pgp_decrypt_command. However, it would be good to just use all the values in the gpg.rc file, to protect against other issues too. For example, there were some attacks protected against by the --no-verbose flag, which I've noticed some long-time users don't have enabled.

Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA

Attachment: signature.asc
Description: PGP signature

Reply via email to